1

Title ISP-2004: Industrial Security Professional Certification Program Manual

Version 2.3

Owner ISP® Committee

Industrial Security Professional

Certification Program

ISP® Certification Program Manual

NCMS, Inc. The Society of Industrial Security Professionals

Approved By: ISP® Committee

Effective/Revision Date: February 2018

Distribution: External

Copyright 2018, NCMS, Inc. All rights reserved

2

TABLE OF CONTENTS

TOPIC PAGE

I. General 4

II. Responsibilities 9

III. Application 11

IV. Certification 12

V. ISP® Certification Committee Organization 121

VI. Code of Ethics 14

VII. Recertification 15

VIII. Examination Facts 16

IX. Study References and Sources 18

X. Examination Maintenance and Security 18

XI. Examination Preparation Program 19

XII. Appeals & Complaints Process 19

XIII. Self-Assessments and Audits 21

XIV. Continuous Improvement and Corrective Actions 22

1 Section added 3/12

3

XV. CEU Determination for Chapter Events 23

XVI. Contracts and Subcontracts 242

XVII. ISP® Logo and Mark 25

XVIII. Accreditation Mark, Symbol, or Reference 26

RELATED PROGRAM DOCUMENTS (see Executive Director for materials)

1.ISP® Program History

2.Document Control Policy

3.Application Form (available online only at www.ncms-isp.org)

4.Recertification Credit Guide

5.Recertification Application Form

6.CEU Review Subcommittee SOP

7.CEU Calculations

8.Security Plan

9.ISP® Certification Certificate

2 Section added 3/12

4

I. GENERAL A. Introduction

NCMS created the Industrial Security Professional (ISP®) Certification because the Society saw a need to focus specifically on the needs of the Industrial Security Professional, including their government counterparts. Other existing security-related professional certifications are not specific enough to target the industrial security specialist who must follow the National Industrial Security Program Operating Manual (NISPOM) and related government security requirements relative to the protection of government classified information.

B. Goals

1. Improve professionalism within industry and government security. 2. Enhance the recognition of experienced industry and government security professionals. 3. Increase the recognition of NCMS as the premier security organization.

C. Purpose

The purpose of the ISP® certification program is two-fold: 1. Provide recognition of the professional training and qualifications of experienced

practitioners of industrial and government security, most specifically industrial security Facility Security Officers (FSOs) and their government equivalents.

2. Provide guidelines for maintaining up-to-date knowledge within the profession. D. Definitions (in the context of a certification)3

1. Fair: Designed so that every applicant has and follows the same opportunity, rules, exam, and standards.

2. Impartial: Designed so that no outside or inside forces can skew the certification program in any fashion, particularly by granting favors to a particular person or group.

3. Reliable: Designed so that the examination questions are accurate and the results are repeatable in a statistically verifiable manner.

4. Relevant: Designed so that the examination questions are pertinent to the certification field; in this case a Facility Security Officer (FSO) in Industrial Security with at least 5 years of relevant experience.

E. Eligibility

1. Candidates must have at least five years cumulative experience in the industrial security field. NOTE: Military or police experience alone does not qualify; such service must include substantial industrial security experience within these professions to qualify for the five-year experience requirement. Each case will be determined based upon its merits. Final determinations will be made by the ISP® Certification Committee.

2. Candidates must be working in industrial security at least part-time as part of their job description (a minimum of 10% of their total workload) in order for the experience to qualify.4

3. Candidates do not need to be currently working in industrial security to apply for the exam as long as their work history satisfies the five year minimum requirement.5

F. Certification Requirements

3 Section added 01/15 to comply with standard. 4 Clarification added 11/15 5 Eligibility changed per Board vote 04/15

5

1. Candidates must provide a written recommendation from their supervisor. If a candidate does not have a supervisor, a member of the NCMS Board of Directors or an ISP® in good standing may provide a recommendation.6

2. Candidates must attain a score of 75% on the ISP Certification Examination. G. Examination Focus and Regulatory Basis

The examination focus is for security professionals who act as Facility Security Officers, or an equivalent, for facilities that protect classified government information and material. The technical basis of the examination is the NISPOM and the requirements of related government security programs, such as Operations Security (OPSEC), Communications Security (COMSEC), Counterintelligence, Special Access Programs (SAP)7, and Self-Assessments.

H. Examination Composition and Administration8

1. The ISP® Certification examination comprises 100 base questions covering the nine primary areas of Industrial Security Management (Security Administration and Management, Document Security, Information Systems Security, Physical Security, Personnel Security, International Security, Classification, Security Education, and Audits and Self-Assessments) and ten questions chosen from two of the five elective areas (OPSEC, COMSEC/TEMPEST, Counterintelligence, Special Access Programs (SAP), and Intellectual Property). The total number of questions on the examination is 110. Candidates must pre-select their two preferred electives so that five questions from each elective can be included on the individual’s exam. The examination is administered on-line and is open book, including the use of computer references.

2. The rationale for using an open book examination is to replicate the office environment where references are available and to encourage referencing current documents to ensure the enforcement of the current requirements. This method of examination thus discourages the improper use of “memory” and “experience” and emphasizes referring to the correct requirement documents because requirements change frequently.9

3. The examination is two hours long and is designed so that the candidate will have time to look up some, but not most, questions.

4. The candidate may not consult with other individuals during the examination nor may they use on-line resources.

5. Candidates may not write down questions and remove them from the examination room. Any form of data mining/harvesting such as memorizing questions to give to others is forbidden.10

6. References are listed on the ISP® page of the NCMS website (classmgmt.com). 7. The examination is available on-line at all times, and is given every year on the day preceding

the Annual Training Seminar. This on-line examination is proctored by a designated ISP®. 8. With permission from the ISP® Committee Chair and with an ISP® proctor, Chapters may

administer a local ISP® Examination on-line to multiple candidates. 9. The Executive Director administers the ISP® Certification Program. Details are in the

responsibilities section of this policy. 10. The ISP® Certification Committee Chair (or designated representative) approves all

applications and examination final results.

I. Special Needs Candidates11

6 Changed to allow an ISP to write recommendation per Board vote 04/15 7 Elective added 6/12 8 All references to hard copy exams removed per ISP® Committee; 8/12 9 Clarified by ISP® Committee 9/13 10 Added by ISP® Committee; 8/12

6

1. ISP® Certification candidates may request special consideration or accommodation by writing to the Executive Director, who will forward the request to the ISP® Certification Committee Chair for resolution. All requests for special consideration must include the specific condition that requires the accommodation and a written doctor’s verification of the condition creating the need for accommodation.12

2. Accommodations such as extra space for a wheelchair, large print examination, and extra time to complete the examination due to visual impairment may be made if the need is documented by the candidate with written verification by appropriate medical professional(s) as necessary.13

3. If an applicant has special needs for the examination, then the ISP® Committee Chair will determine what, if any, accommodations will be made. As a general rule all candidates must comply with the requirements of the certification, answer the same number of examination questions, and meet the same minimum score. The key is to balance the legitimate needs for accommodation of the candidate with maintaining standards, fairness, and consistency of the certification and examination.

J. Proctor Requirements14

1. Although the on-line version of the ISP® examination is available at any time, it must be proctored by a certified ISP®, or other qualified proctor. Applicants must, therefore, coordinate with their Chapter Chair, or the Executive Director (if they are in the Virtual Chapter), to determine where and when they can take the examination under the supervision of an authorized proctor. Once a proctor is selected and a time and place for the examination is determined, the Executive Director will provide the proctor with a Proctor Packet and log-in codes (see Proctoring Instructions for details).

2. Applicants must coordinate with their Chapter Chair to obtain a proctor and then submit the standard application form at least 30 days prior to the examination date.

3. If the applicant is located a great distance from any available ISP® Proctors, the Chapter Chair or Executive Director will attain the support of a proctoring agent in the area. Examples are universities, colleges, and professional on-line testing organizations. (See Proctoring Qualifications paragraph for details.)

4. Any proctor not fulfilling the proper conduct of a proctor, such as not silencing their cell phone, making excessive noise which negatively affects candidates, leaving the testing room unattended (there must be one proctor providing oversight at all times), etc. may be suspended from proctoring. Any exam session for which the proctor has not satisfactorily met the proctoring responsibilities will not be eligible for CEU award for proctoring.15

K. Proctor Qualifications 16

1. To avoid the appearance of improprieties such as misuse of authority, undue influence, or potential gain from the exam conduct or results thereof, all proctors must be disinterested third parties, i.e., they must be totally dispassionate about the results of the examination. For example, a candidate’s supervisor/manager, co-worker, HR manager, or other company employee would not be considered a disinterested third party. Additionally, a relative, good friend, or significant other would not be considered a disinterested third party. This policy

11 Revised by ISP® Committee; 2/12 12 Clarified by ISP® Committee; 8/12 13 Revised by ISP® Committee; 02/18 14 Sub-section Title changed per ISP® Committee; 8/12 15 Added 1/14 by ISP® Committee to address CEU eligibility. 16 Requirements formalized September 2011 by the ISP® Committee

7

also carries over to any volunteer or membership organization to which the proctor and the candidate mutually belong.

2. Proctors will be an ISP®, unless none are available, and must be approved in advance of taking the examination.

3. Other Proctor Types: a. Professional Proctor (company or individual) b. Teacher/Trainer/Professor c. Security Professional d. Government Official/Representative e. Certified Librarian

4. In all cases, the proctor must draft an affidavit attesting to his or her qualifications and this affidavit must be included with the candidate’s ISP® application.17 a. There are no specific qualifications for each category of potential proctor; rather, the

“reasonable person” theory will be used by the Executive Director when determining the qualification of the proctor. We are looking for reliable professionals as a general rule.

b. Non-ISP® security professionals who proctor the examination may not take the ISP® examination for three years.

5. A Chapter Chair may proctor an exam for a member of his or her chapter, provided there is no reporting, working, or professional relationship between the two individuals and provided that the Chapter Chair meets the proctor requirements as defined in this section18. A Chapter Chair may also be permitted to proctor an exam for multiple individuals within the chapter even if one or more candidates work for the same company as the Chair, as long as there are also candidates participating who work for other companies.

L. Re-testing and Exam Retakes19

There are two categories of re-testing: re-test and retake by exception. A re-test occurs when the candidate fails the examination and takes it again after fulfilling the designated wait period. A retake by exception applies when there is a problem that prohibits the candidate from completing the examination (i.e., losing internet connectivity), or a situation arises that compromises the examination environment (i.e., a facility evacuation). Retakes by exception are reviewed on a case-by-case basis and are limited to only validated and approved anomalies beyond the control of the candidate or proctor. 1. The following details apply to retake by exception:20

a. The request must be presented in writing by the candidate with signed confirmation of details by the proctor and submitted to the Executive Director within 24 hours of completion of the exam session. Once received, Executive Director will forward to the ISP® Chair no later than the next business day for review.

b. The ISP® Chair will initiate a review to validate details and determine if approval of the retake is appropriate.

c. The ISP® Chair will advise the Executive Director of approval/non-approval status no later than two business days following receipt of the request. If the ISP® Chair is not available, the Vice Chair shall conduct the review. If not approved, standard re-test procedures apply. The Executive Director will advise the candidate of approval/non-approval status within one business day of receiving the decision from the chair or vice chair.

17 Effective November 2011 18 Clarification of chapter chair eligibility December 2015 19 Clarification of “retake” vs. “retest” and processes for “retake” added by ISP® Committee 1/14 20 Retake policy updated to include specific timelines; 08/17

8

d. If approved, the candidate has two weeks from approval to retake the examination. If the candidate fails the retake, standard re-test procedures apply.

e. There is no additional cost to the candidate for an approved retake by exception examination.

f. MMCo will retain comprehensive records of all retake by exception requests.

2. The following details apply to the re-test. a. Candidates who fail the ISP® Certification examination may re-test after a period of six

months. b. Candidates must notify the Executive Director in writing 30 days prior to the examination

date. A new application and other materials are not required to be resubmitted, unless the base data or the supervisor has changed, or if the approval date for the original exam application was more than twelve months ago.21 In either case new materials will need to be submitted.

c. Candidates who fail the test a second time will have to wait six additional months and re-apply as if he or she were a new candidate, including the full fee.

M. Cost22

1. Cost of the ISP® examination is $275 for NCMS members. 2. Cost of the ISP® examination is $400 for non-NCMS members. 3. There is a $50 surcharge for international candidates. 4. Cost of a re-test is $140 for NCMS members. 5. Cost of a re-test is $200 for non-NCMS members.

N. History23

The ISP® Certification Program was developed during 2001 through 2004 and became an official NCMS program in June 2004. The ISP® Certification Program was accredited by the American National Standards Institute (ANSI) on 24 September 2013. See Attachment 1 for details.

O. NCMS Training24 NCMS training is developed and controlled by the NCMS Training and Education Committee, which is totally separate from the ISP® Committee. All NCMS training is for professional development, not specifically to pass the ISP® Certification Examination. The Exam Preparation Program (EPP) is overseen by this committee. See section XI for details of this program.

P. Firewall Between Training and ISP® Certification Program25 Special attention must be paid to ensuring that the EPP facilitators or participants do not gain access to the ISP® examination questions. Likewise, all training must be kept totally separate from the ISP® Certification Program.

Q. Document Control Proper document control of all ISP® documents will be maintained at all times following the ISP® Document Control Policy. (Attachment 2)

21 Clarification made on submission of new materials; 1/15 22 Costs revised 3/14 to reflect price increases. 23 Section added per ISP® Committee; 8/12 24 Section added per ISP® Committee; 8/12 25 Section added per ISP® Committee; 8/12

9

R. Accreditation 1. The ISP Certification Program was accredited by ANSI on 24 September 2013. The ISP®

Certification Program accreditation identification number is 0860 and is valid through September 24 2018.

2. The ANSI accreditation program requirements are outlined in ANSI/ISO/IEC 17024 2nd Edition dated 2012 07-01, which is located on the ANSI website.26

3. The accreditation program requirements provide standards that must be met, but they do NOT specify how the standards must be met. The ISP® Certification Committee and NCMS determine how to meet all standards.

4. Annual reports to ANSI are required, and ANSI performs periodic reviews; all requirements are stated in PCAC-CA-502, Manual of Operations for Accreditation, chapter 8.

S. Accreditation Committee

1. The Accreditation Committee is a committee authorized by the NCMS Policies and Procedures Manual, Section III, C.

2. The Chair of the Accreditation Committee is tasked with working closely with the ISP® Certification Committee Chair to ensure that the ISP® Certification Program remains in compliance with ANSI requirements.

T. Impartiality27 The ISP® Program is dedicated to being totally impartial regarding determining candidate eligibility; and during the examination, certification award, and recertification processes.

II. RESPONSIBILITIES

A. Board of Directors 1. Under the direction of the President, oversees the ISP® Program, using the ISP® Certification

Committee Chair and Vice-Chair as the points of contact. 2. Provides budget support and oversight. 3. Reviews the program at least annually to ensure that it remains up-to-date, relevant, and

impartial organizationally and operationally.28 4. Approves major changes to the program, program budget, new standards, and new

certifications.

B. ISP® Certification Committee Chair and Vice-Chair 1. Oversees and works with the Executive Director on the daily running of the ISP®

Certification Program. 2. Approves recommendations for eligibility of applicants/candidates.29 3. Approves final examination results and awarding of the ISP® Certification.30 4. Approves final examination results for candidates who fail the exam.31 5. Performs all ISP® oversight duties outlined in the NCMS P&P Manual. 6. Ensures that the ISP® Certification Program is maintained in an up-to-date, relevant, and

professional status, which includes an annual review of the ISP® program, examination questions, and examination results; and a new JTA every 5 years or upon publication of a

26 Updated 09/14 to list updated ANSI reference 27 Added per ISP® Committee to address ANSI standard; 5/14 28 Added by committee to address ANSI standard; 05/14 29 Effective January 2011 30 Effective January 2011 31 Effective May 2012

10

new NISPOM, whichever comes first. Details of how this is accomplished are in the Examination Construction, Maintenance, and Administration Policy.32

7. Reports to the Board of Directors the status of the ISP® Certification Program quarterly, to include recommended changes to the program at least annually.

8. Recommends to the Board for approval any changes to standards or program, budget, and new certifications.

9. Oversees and approves annual self-assessments of the ISP® Certification Program. These approvals must be in writing.33

10. Oversees and approves all corrective action plans, continuous improvement activities, and quality improvement initiatives; verifies completion of all corrective actions; keeps records of these activities; and keeps the Board of Directors informed.

11. Cooperates with the ISP® Accreditation Committee as needed. 12. Ensures that all ISP®s, ISP® Committee members, Board members, proctors, and contractors

annually sign the appropriate Confidentiality and Conflict of Interest Statement. 13. Monitors the work of all contractors supporting the ISP® Certification Program. 14. Conducts quarterly34 ISP® Certification Committee meetings and ensures that notes are taken

and filed with the Executive Director. 15. Publicizes any changes to the ISP® Program through all available means: Chapter Liaison,

Bulletin, ISP® Webpage, and national training seminar. 16. Ensures that all rules and standards are enforced, to include maintenance of required

records.35 17. Ensures that all ISP® Committee Members are properly trained to perform any tasks assigned

to them. This includes the Chair and Vice-Chair being properly trained by their predecessors. Training records must be kept.36

18. Works with Executive Director and examination contractor to ensure that examination questions are not being “harvested.” This includes using internet programs to determine if inappropriate internet activity is indicating the compromise of examination questions.37

19. Conducts, or delegates to the Vice-Chair, all inquiries/investigations into any security compromises or attempts to violate impartiality and fairness of the program.38

20. Ensures that the ISP® Certification Program is completely impartial in all of its actions, and that organizational impartiality is maintained.39

21. Reports any attempts to circumvent policies and procedures or to unduly influence or corrupt the process to the BoD President.40

C. Executive Director41

1. Works closely with the ISP® Committee to ensure the program is properly administered. 2. Follows the ISP® Certification Program Manual. 3. Maintains the official ISP® Certification files, documents, and records. (See paragraph IV B

for details.) 4. Responsible for Document Control, which includes version control.

32 Added by ISP® Committee; 2/12 33 Added by ISP® Committee; 8/12 34 Revised by ISP® Committee; 05/17 35 Revised by ISP® Committee; 2/12 36 Added by the ISP® Committee; 8/12 37 Added by ISP® Committee; 8/12 38 Added by ISP® Committee for clarification; 12/13; additional clarification 05/14 39 Added by ISP® Committee to address ANSI standard; 05/14 40 Added by ISP® Committee to address ANSI standard; 05/14 41 Revised by ISP® Committee; 2/12

11

5. Reviews applications, verifies the validity of information, verifies that the selected proctor is qualified, and recommends eligibility to take the ISP® Examination.42

6. Contacts candidates directly if applications are incomplete and maintains applications in a pending file until material is received.

7. Reviews candidate examination results and recommends granting of ISP® Certification for those who have a passing grade.43 All test results are forwarded to the ISP® Chair for concurrence. 44

8. Provides notices for recertification. 9. Supervises the contractor providing IT support for the on-line ISP® examination. 10. Provides proper security of all ISP® files, records, examinations, seals, ISP® pins,45 and

certificates. 11. Receives and reviews recertification applications, verifies the validity of information, and

recommends eligibility for recertification.46 12. Consults with the ISP® Certification Committee Chair regarding any questions on an

applicant’s eligibility to take the examination or whether or not claimed recertification CEU credits are acceptable.

13. Maintains the on-line test (vendor: Prometric), to include updating the test question bank, managing eligibility codes, and providing reports as necessary.

14. Maintains master test bank, using a contract Test Writer/Editor as needed.47 15. Removes expired ISP®s from on-line list. 16. Trains and monitors the performance of all MMCO staff involved with the ISP® Program. 17. Maintains proper records of the qualifications and training of all MMCO and NCMS

members involved with the ISP® Program. 18. Performs annual reviews and self-assessment of MMCO policies and performance related to

the ISP® Program. 19. Ensures that the administration of the ISP® Program is performed in an impartial and fair

manner by consistently enforcing all policies and procedures.48 20. Reports any attempts to circumvent policies and procedures or to unduly influence or corrupt

the process to the ISP® and Accreditation Committee Chairs.49 21. Attend committee telecom meetings as needed.50

D. Accreditation Committee Chair

1. Works with ANSI to establish and maintain accreditation. 2. Coordinates with the ISP® Committee Chair and Executive Director to ensure the ISP®

Certification Program maintains accredited status. 3. Reports to the Board of Directors quarterly regarding the status of accreditation.

E. ISP® Recipients51

42 Revised 1/11 to include eligibility recommendation 43 Revised 1/11 to include eligibility recommendation. 44 Effective May 2012 45 Revised 8/12 to include seals and pins 46 Revised 1/11 to include eligibility recommendation 47 Clarified 8/12 48 Added by ISP® Committee to address ANSI standard; 05/14 49 Added by ISP® Committee to address ANSI standard; 05/14 50 Added by ISP® Committee; 02/18

51 Added 4/14 to reflect ANSI requirement

12

1. Comply with the NCMS and ISP® Codes of Ethics (in P&P Manual and ISP® Manual, Section VI respectively).

2. Maintain certification every three years following established requirements in Section VII. 3. Report to NCMS HQ if you are no longer able to meet the requirements of being an ISP®. 4. Report to NCMS HQ when you completely retire from performing industrial security.

III. APPLICATION

The application is only available on-line, and can be viewed from the ISP® website (ncms-isp.org).52

IV. CERTIFICATION

A. Decision The decision to certify a candidate for the ISP® is made by the ISP® Committee Chair based upon the recommendation of the Executive Director, whose input is based upon the candidate passing the on-line examination and having completed all administrative requirements.53

B. Records The Executive Director will keep records of all certifications, re-certifications, and examination results for 10 years. 1. Certifications.

a. Names of ISP® with dates of certification b. Copies of applications

2. Re-certifications a. List of ISP®s with dates of recertification and appropriate notices b. Copies of applications c. Names of re-certified ISP® with dates of re-certification

3. Examinations a. Copies of applications b. Copies of examinations, to include electives c. Copies of examination results, to include names, scores, and average scores d. Copies of examination analysis e. Copies of examination answer sheet f. Copies of Proctor reports

V. ISP® CERTIFICATION COMMITTEE ORGANIZATION54 A. General.

1. The ISP® Certification Committee is composed of an Executive Committee and Subcommittees. Although the Examination Preparation Program (EPP) is not part of the ISP® Committee, it is listed on the ISP® website in order to maintain a cohesive order for ISP® candidates.

2. All committee members other than the Chair may be volunteers, from within or outside of NCMS, who are current ISP®s.

52 Revised to remove hard copy application reference; 01/15 53 Revised to remove hard copy exam reference; 8/12 54 Section added 3/12 by the ISP® Committee

13

3. The ISP® Chair approves all recommendations from the subcommittees. See “Responsibilities” (P&P Manual, Section II, paragraph B, # 11) for details of the ISP® Chair duties.

4. Subcommittee Chairs will keep the ISP® Chair appraised of their activities and submit recommendations to the ISP® Chair.

B. ISP® Certification Executive Committee55 ISP® Certification Executive Committee consists of ISP® Chair, ISP® Vice Chair, Certification Subcommittee Chair & Vice Chair, Recertification Subcommittee Chair & Vice Chair, Exam Generation Subcommittee Chair & Vice Chair, CEU Subcommittee Chair & Vice Chair, Exam New Questions Subcommittee Chair & Vice Chair. Meetings will be documented and minutes filed. Electronic and phone meetings are acceptable. A quorum of 3 must be in attendance for meetings/approvals.

C. ISP® Certification Subcommittee This subcommittee is composed of Subcommittee Chair as appointed by ISP® Committee Chair and committee members. Subcommittee will work day-to-day issues associated to obtaining the ISP® Certification and promote the ISP® Certification. They will assist in establishing policies and procedures pertaining to getting the ISP® Certification. This position also responds to on-line questions regarding certification.56

D. ISP® Recertification Subcommittee This committee is composed of Subcommittee Chair as appointed by ISP® Committee Chair and committee members. The subcommittee will work day-to-day issues associated to ISP® Certification recertification and promote the ISP® Certification. They will assist in establishing policies and procedures pertaining to the ISP® Certification recertification. This position also responds to on-line questions regarding recertification.57

E. CEU Review Subcommittee This committee is composed of Subcommittee Chair as appointed by ISP® Committee Chair and committee members. The subcommittee will review training agendas from Chapters, educational agencies, and company security training events and determine the appropriate CEU award. Recommendations will be made to approve the appropriate CEU award. The subcommittee will make recommendations to the ISP® Recertification Subcommittee whenever it is determined a revision is needed in the CEU award policy and procedures. This subcommittee applies the policies and procedures developed by the ISP® Recertification Subcommittee; it has no policy and procedures authority. This position also responds to on-line questions regarding CEUs.58

F. Examination Maintenance Subcommittee This committee is composed of Subcommittee Chair as appointed by ISP® Committee Chair, a Vice Chair and committee members. The subcommittee is responsible for examination question management, which includes taking proposed questions, validating questions, performing analysis and editing questions. The Chair works closely with the Executive Director on exam question management to ensure exam questions are current and accurate. This position also responds to on-line questions regarding the subcommittee.59

55 Subsection revised to include subcommittees; 02/17 56 Task added; 02/18 57 Task added; 02/18 58 Task added; 02/18 59 Task added; 02/18

14

G. Question Generation Subcommittee

This committee is composed of Subcommittee Chair as appointed by ISP® Committee Chair and committee members. The subcommittee is responsible for reviewing newly published editions of the NISPOM and all ISLs to perform a comparative analysis, note policy changes, and generate proposed new questions. The questions are then turned over to the Examination Subcommittee for further review and processing. The Question Generation Subcommittee will not be involved in the review/validation of the proposed questions and will not know if the questions were accepted or altered. This position also responds to on-line questions regarding their committee.60

H. The Annotated NISPOM (TAN) Subcommittee The TAN is a subcommittee of the Education and Training Committee. The TAN Subcommittee updates the TAN whenever a new NISPOM or ISL is released.

I. EPP Subcommittee

EPP is a Subcommittee of the Education and Training Committee; it has no direct connection with the ISP® Certification Program, especially regarding examination questions.61 This Subcommittee is responsible for the EPP program.

J. Executive Director62 The Executive Director maintains the master copy of the examination question database with the assistance of examination subcontractors and performs all coordination tasks with the examination subcontractors.

VI. CODE OF ETHICS

A. Requirements

ISP®s and ISP® candidates must always demonstrate the highest levels of professional and ethical behavior, with unquestionable integrity63, which includes, but is not limited to, the characteristics listed below. 1. Act in an honest, forthright, and dependable manner. 2. Follow and enforce all applicable security laws, regulations, orders, rules, policies, and

procedures. 3. Safeguard classified and proprietary information at all times. 4. Place national security above all other work priorities. 5. Maintain proficiency in the appropriate security fields. 6. Assist fellow security professionals who are in need. 7. Balance security needs with business, operational, and research requirements. 8. Refrain from negative actions such as starting rumors, making slanderous statements, and

embarking on character assassination. 9. Refrain from misrepresenting yourself as an ISP® if you have not recertified. 10. Comply with all ISP® administrative and security requirements.64

B. Disciplinary Actions

60 Task added; 02/18 61 Revised to clarify separation from ISP® Committee; 8/12 62 Subsection added by ISP® committee 9/13 63 Code of Ethics updated by ISP committee; 10/16 64 Added per ISP® Committee; 8/12

15

Any NCMS member or ISP® should submit in writing descriptions of any instances of unprofessional or unethical behavior by an ISP® to the NCMS Executive Director. All disciplinary issues will be reviewed by the NCMS Ethics Committee65, which will follow the established process to determine what, if any, disciplinary actions are appropriate.

C. Reasons for Disciplinary Actions

The reasons for disciplinary actions include, but are not restricted to, the following actions: 1. Conviction on felony charges 2. Failure to abide by the ISP® Code of Ethics 3. Failure to abide by the NCMS Code of Ethics

D. Revocation or Suspension of Certification66

If a certification is revoked or suspended for cause, a certified letter (signature required) will be sent to the individual on behalf of the ISP® Committee informing him/her of the decision. The individual will be advised to cease use of the ISP® designation and logo immediately and return his/her ISP® certificate to NCMS HQ on or before a specified date.

VII. RECERTIFICATION A. General

Recertification is required every three years to maintain the ISP® Certification. The recertification requirement is designed to ensure that ISP®’s remain current and continue to develop their knowledge and skills in the field.

B. Requirements67

1. Candidates must recertify every three years by the last day of the month in which the candidate originally became certified.

2. Sixty Continuing Education Units (CEUs) are required for recertification as of 1 Jan 2012. (Note: Prior to 1 Jan 2012, six recertification credits were required for recertification.)

3. All requests for CEUs to be used for recertification will be adjudicated by the ISP® Certification Committee with assistance from the Executive Director.

4. Some or all activities may qualify for CEU credit under more than one professional certification.

5. No more than 50% of the claimed recertification CEU credits can come from membership and voluntary service activities. At least 50% of the CEU credits must come from attending or teaching security-related educational programs and courses; and providing security-related instruction, speeches, presentations, or publications.

6. The same activity may not be counted under more than one category. (For example, a presentation originally given orally cannot be published and counted both as a presentation and as a published article.)

7. Documentation to support claimed recertification CEU credits is required. C. Recertification Credit Guide

65 Updated to identify Ethics Committee as reviewer; 9/16 66 Added by committee; 9/16 67 Revised by ISP® Committee 2/12 based on new policy

16

The current Recertification Credit Guide can be downloaded from the ISP® website (ncms-isp.org) or a copy can be requested from the Executive Director.

D. Recertification Application Current Recertification Application is only available on line and can accessed from the ISP® website (ncms-isp.org)68

E. Recertification Cost69 A fee of $75 for members and $12570 for non-members shall be sent to NCMS with the recertification application to cover the administrative costs of recertification. Fees will double for applications submitted up to one month past the original recertification date.71

F. Recertification Lapse Policy 1. Recertification candidates must submit their recertification credits and payment to the NCMS

Headquarters not later than one month past their original recertification date. All credits claimed for recertification must have been earned within the original recertification period. If both the recertification application, supporting documentation, and payment are not received by the end of this time, the ISP®’s certification will lapse. Extra time will no longer be given to allow for additional submission of supporting documentation.72

2. NCMS, Inc. will send formal notice to the individual that his/her certification has been

withdrawn for failure to recertify in accordance with policy and that he/she may no longer use the ISP designation. To regain ISP® certification once the original certification has lapsed, an individual must reapply for and retake the ISP® examination at full cost.

G. Program Review73

The ISP® Committee will conduct an annual review of the recertification program to determine any changes to be made, including, but not limited to: • Application process • Credit Guide • Recertification period • Method of recertification • Marketing materials The review will be documented, with changes communicated to ISP®'s and an implementation schedule to be determined as necessary.

VIII. EXAMINATION FACTS

A. Examination Topics: As determined by a formal Job Analysis for Industrial Security facility managers with five or more years of experience conducted by the ISP® Committee, the skills required for certification fall into the following areas: 1. Security Administration & Management

a. National Industrial Security Program 68 Added by ISP® Committee to reflect on-line availability only; 01/15 69 Revised by ISP® Committee; 2/12 70 Revised 3/14 to reflect price increases 71 Added by ISP Committee to reflect board approval of late fees. 72 Section revised to tighten deadline to 30 days only per board approval. Additional time was removed; 10/15 73 Section added to document annual program review per 2016 audit; 10/16

17

b. Records & Documentation c. Required Reports d. Facility Clearances e. Oversight & Audits f. Incidents of Security Concern

2. Document Security a. Creation & Marking b. Accountability c. Transmission & Receipting d. Retention e. Reproduction f. Destruction

3. Information systems Security a. Administrative & Procedural Controls b. System Security Plans c. Accreditation d. Audits e. Physical Protections

4. Physical Security a. Storage and Lock Requirements b. Closed & Restricted Areas c. Intrusion Detection Systems (IDS) d. Central Alarm Stations & Requirements e. Access Controls

5. Personnel Security a. Clearances b. Forms c. Adjudication d. JPAS e. e-QIP

6. International Security a. Disclosure Policy b. Foreign Classified Contracts c. Access, Marking, and Handling Foreign Classified Information d. Export Control Regulations e. International Visits

7. Classification a. Classification Policy b. Classification System c. DD Forms 254 & Security Classification Guides d. Subcontracting e. Downgrading & Declassification

8. Security Education a. Requirements b. Content c. Techniques d. Records

9. Audits & Self-Assessments a. Government Audits b. Facility Self-Inspections c. Other Required Audits

18

10. Electives a. COMSEC/TEMPEST

b. Counterintelligence c. Intellectual Property d. Operations Security (OPSEC) e. Special Access Programs (SAP)74

B. Exam Grading Criterion 1. The minimum passing grade is 75%. Note: there is no rounding of final scores. 2. Each question is equally weighted and graded on a best-answer basis; there is no partial

credit. 3. Questions with two or more answers marked will be considered incorrect.

C. Possible Cheating Incidents

1. If the proctor detects/suspects cheating, then the proctor will inform the candidate and submit a formal written report of the incident, as a part of the Proctor Affirmation Report, to the Executive Director. The candidate will be allowed to write a statement and submit it to the Executive Director.

2. Once the report is received75, the Executive Director will inform the ISP® Certification Committee Chair who will then conduct an inquiry into the situation, which will include a review of any written statements from the candidate, and make a formal decision in writing. This decision will be sent to the proctor and candidate, with copies to the Executive Director and NCMS President. 76

3. If the candidate wishes to appeal the decision, he/she must follow the process as outlined in this manual (See "Appeals Process")

4. In addition to the above, the ISP® Certification Committee Chair will review the exam results to determine if there is an excessively high-scoring trend, which is a potential cheating indicator. If found, the Chair will do the following:77 a. Advise the Executive Director of a potential cheating incident and open an investigation; b. Confer with the proctor(s) to identify any abnormalities and advise the candidate(s) of the

suspected cheating and investigation; c. Advise the candidate(s) that he/she may write a statement and submit to the Executive

Director; d. Review any statements that are received by the Executive Director and draft a decision.,

which will be sent to the candidate(s) and the exam proctor(s), with copies to the Executive Director and NCMS President.

e. The candidate(s) may appeal the decision by following the process as outlined in this manual (See "Appeals Process").

IX. STUDY REFERENCES AND SOURCES

Refer to the current list of references and sources on the ISP® page of the NCMS website (classmgmt.com).

X. EXAMINATION MAINTENANCE AND SECURITY78 74 Added 3/12 75 Revised for clarity, 8/15 76 Revised to include Exec Dir in the distribution, 8/15 77 Subsection added 8/15 in response to ANSI recommendation in surveillance report.

19

A. Updates 1. The ISP® Program examination will be updated each year by the ISP® Committee. 2. The updated and revised version of the examination, if changed, will be available by 1 June

each year. 3. The ISP® Committee reserves the right to take the exam offline for a specified period of time

if needed to perform necessary updates. Any closure of the exam will be communicated in advance.79

B. Security 1. Strict security of all examination materials must be maintained at all times, to include

encrypting e-mails containing examination questions. 2. MMCO is responsible for maintaining and securing records of the examination. 3. No one involved in the ISP® Examination Preparation Program (EPP) may participate in the

ISP® Certification examination review and update process for two years after completing such work.

4. No one involved in the ISP Certification Examination Subcommittee may become a member of the EPP Committee for two years after completing work on the examination.80

5. The ISP® Committee Chair, working with the Executive Director and the examination contractor, must ensure that examination questions are not being mined or harvested. While examination proctors are critical during the examinations, NCMS also must monitor any internet signs that our examination questions are being harvested.81

6. Details are covered in the Security Plan and the Examination Construction, Maintenance, and Administration Policy.

C. Reference Changes Changes to the NISPOM and other examination references made after 1 January will not be included in the June version of the ISP® examination that same year.

D. Details Details are covered in the ISP® Construction, Maintenance, and Administration Policy.82

XI. CERTIFICATION EXAMINATION PREPARATION PROGRAM

A. The ISP® Examination Preparation Program (EPP) is separate from the ISP® Committee and is under the oversight of the Education & Training Committee.

B. The EPP is run exclusively by ISP®s and is designed as a method of assisting candidates in preparing for taking the ISP® Certification Examination. This program does not provide “answers” to the ISP® Examination questions. Rather, it provides a structured approach to studying, a platform for discussions that will assist the candidate in confirming the accuracy of their knowledge, and test-taking tips.

C. No one serving as an EPP Facilitator83 or Subject-Matter-Expert Facilitator for the EPP is

permitted access to the ISP® Examination test bank or may participate in updating and revising the ISP® Examination.

78 Security references added by ISP® Committee; 12/13 79 Added by ISP® Committee; 01/15 80 Added by ISP® Committee 09/13 81 Added by ISP® Committee; 8/12 82 Added per ISP® Committee; 8/12

20

D. Candidates may join the ISP® Certification Exam Preparation Program by registering on line at

ncms-isp.org/.

E. Once in the program, the candidate may purchase a workbook, perform the study assignments, and attend conference calls wherein the study topics are discussed.

F. The workbook contains a syllabus that provides a schedule of events and an outline of the topics to be covered.

XII. APPEALS & COMPLAINTS PROCESS84

A. Definition.85 Appeal: A request by an applicant, candidate, or certified person for reconsideration of any decision made by the certification body related to his/her desired certification status; Complaint: An expression of dissatisfaction, other than an appeal, by any individual or organization to a certification body, relating to the activities of that body or a certified person, where a response is expected. ISP® Certification Executive Committee: Consists of ISP® Chair, ISP® Vice Chair, Certification Subcommittee Chair & Vice Chair, Recertification Subcommittee Chair & Vice Chair, Exam Generation Subcommittee Chair & Vice Chair, CEU Subcommittee Chair & Vice Chair, Exam New Questions Subcommittee Chair & Vice Chair.

B. Appellants/Complainants.86 All applicants, candidates, and certified individuals may file an appeal or complaint regarding any decision or action that falls within the process of obtaining and/or keeping an ISP® Certification. This appeal or complaint must be submitted in writing using the Appeals and Complaints Form (ISP-5024)87, fully describe the issue and the reason for the appeal or complaint, and be addressed to the NCMS Executive Director. 88

C. Tracking/Recording.89 The Executive Director shall formally acknowledge receipt of the Appeals and Complaints Form (ISP-5024)[FORM] to the appellant or complainant and record the appeal or complaint upon receipt, including the date received, and forward to the ISP® Chair. All subsequent communications, actions, and decisions will be provided to the Executive Director, who will update the file upon receipt. The Executive Director shall provide the appellant/complainant with progress reports upon request, as well as the final outcome.

83 "Mentor" replaced by "Facilitator" effective 12/15 84 Section revised to add complaints to process; 02/17 85 Subsection added; 02/17

86 Subsection revised to included complainants; 02/17 87 Form added; 02/17 88 Added by ISP® Committee; 2/12 89 Subsection added; 02/17

21

D. Investigation. 90

The ISP® Chair shall convene a meeting of the ISP® Certification Executive Committee (excluding anyone directly connected to the issue behind the appeal or complaint) to review the case, gather the necessary information, conduct interviews if necessary, and determine what, if any, appropriate corrections and/or corrective actions should be taken. The ISP® Certification Executive Committee shall ensure that all actions and decisions shall be impartial and constructive and that no discriminatory actions shall be taken against the appellant/complainant.

E. Notification.91

A substantiated complaint against a certified individual shall be communicated by the ISP® Certification Executive Committee to the certified person in question in order to give the certified individual the opportunity to respond to the complaint. The ISP® Certification Executive Committee will include this response in the investigative process.

F. Rulings.

All rulings by the ISP® Certification Executive Committee shall be in writing using the Appeals and Complaints Form (ISP-5024)92. This document will be sent to the appellant/complainant, the Executive Director, and the NCMS President.93

G. Final Appeals.

All rulings by the ISP® Certification Executive Committee may be appealed by requesting in writing a final ruling from the NCMS Executive Board. This final appeal will be sent to the NCMS Executive Director, who will record the appeal as described above and send to the Executive Board. The Chair of the ISP® Certification Committee (or another member of the ISP® Certification Executive Committee if the Chair has a conflict of interest) will provide any information or assistance the Executive Board requests. The Executive Board (which does not include the ISP® Committee Chair or anyone directly involved with the ISP® Certification Program) will make a final determination and provide a written reply to the appellant, with a copy to the NCMS Executive Director, specifying the rationale for their decision.94

H. Conflict of Interest. No Board or ISP® Committee member with any direct personal or professional job-related connection with the appellant or complainant may be involved in the process. The Executive Director may not be involved in these decisions, except to provide technical and administrative assistance.95

I. Timeframes. 96

The process for appeals and complaints shall be conducted within 30 days by the ISP® Certification Executive Committee, unless there are extenuating circumstances. The NCMS Executive Board shall have an additional 30 days to make a final ruling if necessary.97

90 Subsection added; 02/17 91 Subsection added; 02/17 92 Form added; 02/17 93 Added by ISP® Committee; 2/12 94 Revised by ISP® Committee; 2/12 95 Added by ISP® Committee; 2/12 96 Subsection revised to include additional 30 days in event of appeal; 02/17

22

J. Follow-up Actions.

If the appeals or complaints process highlights any problems with the ISP® Certification Program, then the ISP® Committee Chair must take immediate corrective actions, which includes resolving the immediate problem, mitigating any further or related problems, preventing re-occurrences, and documenting any resulting policy changes.98

XIII. SELF-ASSESSMENTS AND AUDITS

A. Self-Assessments

1. The ISP® Committee will conduct an annual self-assessment of the ISP® Program policies and examination.

2. This self-assessment will include a review by the committee and a separate review by an independent person(s) acting under the direction of the ISP® Committee Chair.

3. A copy of both self-assessments will be reviewed and approved by the ISP® Committee Chair and submitted to the Board with comments and corrective action plan (if necessary) within three months of the end of the self-assessment.

4. The schedule of the self-assessments will allow for submission of the final self-assessment report by the ISP® Committee Chair to the Board at the September/October meeting of the Board.

5. The self-assessment will follow the Self-Assessment Checklist and will include any special topics designated by the Board or ISP® Committee Chair.

B. Audits

1. ANSI will conduct an audit of the ISP® Program in accordance with their policies and procedures.

2. The ISP® Committee Chair, working with the Accreditation Chair, will coordinate the ANSI audit, or designate someone to do the coordination.

3. If determined necessary, the ISP® Committee Chair will contract with an outside agency to conduct an outside audit of the ISP® Program. The timing of such an audit will be either to address an immediate concern or to occur at the mid-point between ANSI audits.

4. The details of these audits will be determined by the ISP® Committee chair or a designee.

XIV. CONTINUOUS IMPROVEMENT AND CORRECTIVE ACTIONS A. Continuous Improvement and Quality Control

1. The ISP® Certification Committee is responsible for continuous improvement and quality control of the ISP® Certification Program. a. Continuous improvement comes from activities like, but not restricted to, the following:

• Regular reviews of policies, manuals, procedures, and forms • Self-Assessments and Audits • Examination Reviews • ISP® and NCMS Surveys • Recommended changes from the Board, ISP®s, committee members, chapter chairs,

or NCMS members (multiple avenues exist for this input: e-mail, telephone, face-to-face meetings, NCMS website feedback, Board meetings, committee meetings, and joint chapter chair and Board meetings)

97 Revised by ISP® Committee; 2/12 98 Added by ISP® Committee; 2/12

23

b. Quality Control activities include the same as listed above, but focus on accuracy and precision versus innovation and improvement.

c. The ISP® Certification Committee Chair approves continuous improvement and quality control requirements and processes.

2. The ISP® Certification Committee Chair approves in writing all audits, reports, analysis, surveys, and changes to the ISP® Program. a. The Chair may designate committee members to be responsible for working on the

various committee tasks and submitting recommendations for approval. b. Submissions and approvals may be done by e-mail. c. Records will be kept by the Executive Director. d. The ISP® Certification Committee meetings are the best venue for addressing issues and

making decisions. 3. The ISP® Certification Committee Chair prioritizes changes and improvements, approves

timelines, and obtains required funding from the Board. a. Prioritization will be based upon the situation: budget, time restraints, criticality, and

impact. b. Committee members will make recommendations; the Chair makes decisions.

4. The ISP® Certification Committee Chair reports on the status of the ISP® Certification Program to the Board at the quarterly Board Meetings. Status reports will include at least the following: a. How many ISP®s have been granted or recertified; pass rates and recertification rates b. Status of examination review, self-assessments, audits, and corrective actions c. All improvements or changes to the ISP® Certification Program d. Requests for budgetary support as required e. Recommended addition of certifications, if any

5. The ISP® Certification Committee Chair publishes all changes as necessary: a. Inform all NCMS membership or all ISP®s b. Update the ISP® page of the NCMS website c. Make changes to the ISP® Certification Program policies, manual, and procedures

B. Corrective and Preventative Actions 1. The ISP® Certification Committee Chair is responsible for ensuring that all reviews, self-

assessments, and audits that find problems result in the development of written corrective and preventive action plans.

2. These plans must have specific recommendations, specific timelines (or milestones), and where necessary, budgetary implications. a. Corrective Action Plans are concerned with fixing existing problems, and may require

solutions that take time and money. If this is the case, then the responsible committee member must develop multiple courses of action that include a cost-benefit analysis and a risk analysis for each. Then the Chair can make a decision and seek Board funding.

b. Preventative Action Plans are concerned with ensuring that similar problems do not re-occur. Improved training or policies and procedures often can prevent future problems—or at least reduce the likelihood of repeat errors.

3. The designated committee members or Executive Director are responsible for developing the plans and implementing the solutions.

4. The ISP® Certification Committee Chair is responsible for verifying in writing that all corrective actions have been completed according to the plans. Committee members may be designated to perform this task (not the same member that is responsible for implementation).

XV. CEU DETERMINATION FOR CHAPTER EVENTS

24

A. General Chapters holding meetings, seminars, and other training who would like to issue CEU credit to their attendees, must submit their proposed agenda first for ISP® CEU Subcommittee review and approval. Current SOP is included after the table of contents of this manual as Attachment 6. A copy can also be downloaded from the ISP® website (ncms-isp.org)

B. Agenda The proposed agenda with sufficient detail that defines the length and title of each speaker99 will be sent no less than 30 days prior to the event to the NCMS Executive Director, who will forward on to the subcommittee chair.

C. Approval The chair and/or a member of the ISP® Committee will review the agenda and either approve the agenda as submitted or send a request for additional information and/or recommendations to maximize the credit received directly to the chapter chair.

D. Filing Once the agenda is approved, a final copy will be filed by the Executive Director in the appropriate chapter’s file, and the chapter chair may use the agenda in all promotional materials and announcements.

E. Number of CEUs CEUs will be calculated according to the standards approved by the ISP® Committee. This document is included after the table of contents of this manual as Attachment 7. A copy can also be downloaded from the ISP® website (ncms-isp.org).

XVI. CONTRACTS AND SUBCONTRACTS100

A. Purpose101

NCMS outsources work related to the ISP® certification as needed (a master list of contractors/subcontractors is maintained by MMCo staff), and as such shall:

1. take full responsibility for all outsourced work; 2. ensure that the contractor/subcontractor is competent and complies with the applicable

provisions of this standard; 3. assess and monitors on a continuous basis the performance of the

contractor/subcontractor in accordance with its documented procedures; 4. maintain records to demonstrate that the contractor/subcontractor meets all requirements

relevant to the outsourced work.

B. Contractor/Subcontractor Evaluation 1. All contractors relating to the ISP Program are reviewed by the Executive Director, ISP®

Committee Chair, NCMS Treasurer, and the President of NCMS. The President approves and signs these contracts. The contract statement of work is examined to ensure that it is in sufficient detail to allow for proper oversight and enforcement. a. If multiple bids are appropriate, they are collected and analyzed to determine which

proposal provides the best results for a reasonable cost.

99 Revised by ISP® Committee; 02/18 100 Revised by ISP® Committee; 3/12 101 Section renamed and revised to conform with standard; 1/17

25

b. As necessary, MMCO coordinates with the ISP® Committee Chair to ensure that the statement of work will provide the desired support for the ISP® Program.

2. MMCO will subcontract work related to the ISP® Program as deemed necessary, and these subcontractors are evaluated by the Executive Director and staff. The Executive Director approves and signs these contracts. MMCO has their standards and procedures for evaluating contracts. a. If multiple bids are appropriate, they are collected and analyzed to determine which

proposal provides the best results for a reasonable cost. b. As necessary, MMCO coordinates with the ISP® Committee Chair to ensure that the

statement of work will provide the desired support for the ISP® Program.

C. Filing All contracts related to NCMS Contractors and Subcontractors are filed at NCMS Headquarters by the Executive Director. The Executive Director also maintains all contractor/subcontractor evaluations and any support materials..

D. Evaluation of Products and Services

1. Contractors and Subcontractors must comply with the contract statement of work, which will include delivery of products, timetables, and standards of work.

2. Quality of products and services is evaluated by NCMS staff and ISP® and Accreditation Committees on an annual basis and contracts renewed as appropriate. Evaluations forms on file at NCMS Headquarters.

XVII. ISP® CERTIFICATES102, LOGO, AND MARK

A. General103

1. All ISP®s will receive a certificate and ISP® Pin upon receiving the designation Industrial Security Professional. a. The ISP® Pin looks like the following picture and may be affixed to the wearer’s clothes as

desired, normally on a lapel, collar, or near the left shoulder.

b. The ISP® Certificate must have the certified recipient’s name and a seal that includes the

month and year the ISP® Certification was awarded and the month and year of recertification, which is required to maintain the ISP® Certification. (see Attachment 9)

2. As an ISP®, you have the right to use the ISP® Logo and Certified Mark, examples of which are shown below:

a.

102 Certificates included in policy; 8/12 103 Section 1 added; 8/12

26

b. ISP™ 3. The ISP® Logo and Mark are authorized for use only by Industrial Security Professionals

(ISP®s) in good standing whose certification has not been revoked due to violation of the ISP® Code of Ethics, failure to recertify, or other reason as determined by the ISP® Certification Committee. a. NCMS monitors and protects its marks, and as an ISP®, it is critical that ISP®s use these

marks properly and report any improper use or infringement to the ISP® Certification Committee Chair immediately.

b. Any advertisement or promotional literature that uses the ISP® Logo and/or Mark should specify that these are registered trademarks that are the property of NCMS.

B. Use of ISP® Logo and Mark

1. The logo may not be altered or modified in any way. 2. Only high-resolution artwork provided by NCMS Headquarters may be used to ensure that

the logo appears properly. 3. The logo cannot be used in conjunction with a company name or logo or be placed in such a

way that it would appear the certification relates to the company. 4. The mark may not be used as part of a certified individual’s email address. 5. The mark may not be used as part of a certified individual’s company or business. 6. The mark may not be used as part of a website or www IP address domain name.

C. Examples of Proper Use

1. Jane Johnson is an ISP®. 2. Jane Johnson, ISP®, is a member of the NCMS Board of Directors. 3. Jane Johnson is an Industrial Security Professional (ISP®). 4. Jane Johnson, ISP®, is President of Jane Johnson Consulting, Inc.

D. Improper Use

2. jim.johnsen.isp@gmail.com). 3. Jim Johnsen ISP® Consulting, Inc. 4. Jim Johnsen, isp (or Isp)

E. Actions Responding to Improper Use104

1. All cases of inappropriate use will be reported to the Executive Director who will inform the ISP® Committee Chair.

2. The ISP® Committee Chair will research all reports of improper use of the ISP® Logo and make recommendations for action to the NCMS President.

3. The NCMS President, working with the NCMS Executive Committee, will determine any actions to be taken.

XVIII. ANSI ACCREDITATION MARK, SYMBOL, or REFERENCE105

A. Use of the ANSI Mark106

The ANSI Accreditation Mark or Symbol must be used according to ANSI Public Procedure ANSI-PR-027: Rules Governing the Use and Protection of the ANSI Accreditation Mark and References to ANSI Accreditation, dated 10 August 2016, Revision 1. This document is located on the ANSI website.

104 Added by the ISP® Committee; 3/12 105 Section added by ISP® Committee; 12/13. Updated 1/17 106 Revised to reflect new ANSI trademark use; 1/17

27

“Whenever the CAB presents the ANSI Accreditation Mark (e.g., on its website, in a print brochure, etc.), the CAB shall print its accreditation number (found on the Accreditation Certificate) centered immediately under the ANSI Accreditation Mark. The accreditation number shall appear in the four-digit format provided by ANSI. “The CAB shall indicate under the ANSI Accreditation Mark the accreditation program and applicable accreditation standard under which accreditation has been granted. This information is to be centered under the accreditation mark.”

B. Example of use107

#0860 #0860 ISO/IEC 17024 ISO/IEC 17024 Personnel Certification Program Personnel Certification Program

C. Reference to ANSI Accreditation without Mark

Whenever referring to the ANSI accreditation without using the Mark, the following phrase must be used: An ANSI-accredited Personnel Certification Program – Accreditation #0860.108

D. Use on Letterhead and ISP® Certificates The ANSI Mark may be used on NCMS letterhead and ISP® certificates as long as the use complies with the ANSI reference stated above.

107 New mark implemented; 1/17 108 Verbiage requirements updated; 1/17